Security Leftovers

posted by Roy Schestowitz on May 09, 2026

• LWN ☛ Security updates for Friday

  Security updates have been issued by AlmaLinux (libsoup and mingw-libtiff), Debian (apache2, chromium, lcms2, libreoffice, and prosody), Fedora (openssl and perl-Starman), Oracle (git-lfs, libsoup, and perl-XML-Parser), Slackware (libgpg, mozilla, and php), SUSE (389-ds, cairo, cf-cli, chromedriver, cri-tools, freeipmi, gnutls, grafana, java-11-openjdk, java-17-openjdk, jetty-minimal, libmariadbd-devel, librsvg, mesa, mozjs52, mutt, nix, opencryptoki, python-Django, python-django, python-pytest, rmt-server, thunderbird, traefik, webkit2gtk3, wireshark, and xen), and Ubuntu (civicrm, dpkg, htmlunit, lcms2, libpng1.6, linux, linux-*, linux-azure, linux-azure-fips, linux-raspi, linux-xilinx, lua5.1, nasm, opam, openexr, openjpeg2, owslib, postfix, postfixadmin, and vim).

• Security Week ☛ In Other News: Train Hacker Arrested, PamDOORa GNU/Linux Backdoor, New CISA Director Frontrunner

  Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses backdoored Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry.

• Security Week ☛ ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

  The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.

• Scoop News Group ☛ Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI

  Agentic Hey Hi (AI) is more popular than ever, but researchers keep finding trivial ways to hijack LLMs for nefarious purposes.

• Security Week ☛ Vulnerability in Claude Extension for Chrome Exposes Hey Hi (AI) Agent to Takeover

  Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension.

• Federal News Network ☛ What does the FCC have to do with cyber security?

  "Cyber attackers do not care, they look for any kind of vulnerability, whether it's as simple as a router to something more complex," said Zenji Nakazawa.

• Security Week ☛ Hey Hi (AI) Firm Braintrust Prompts API Key Rotation After Data Breach

  Hackers accessed one of the company’s proprietary trap AWS accounts and compromised Hey Hi (AI) provider secrets stored in Braintrust.

• Security Week ☛ Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

  The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply.

• Security Week ☛ Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

  A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals.

• Security Week ☛ Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

  CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.

• Security Week ☛ Ransomware Group Takes Credit for Trellix Hack

  RansomHouse has published several screenshots to demonstrate access to internal Trellix services.